logo
Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Options
Go to last post Go to first unread
dsanivsky@catchpoint.com  
#1 Posted : Friday, December 15, 2017 4:01:41 PM(UTC)
dsanivsky@catchpoint.com


Rank: Guest

Joined: 12/15/2017(UTC)
Posts: 1
United States

Thanks: 1 times
Hello Dev Team,

I need assistance adding the following response headers to the ScreenConnect WebServer:
X-xss-protection: 1; mode=block
X-frame-options: SAMEORIGIN
X-content-type-protection: nosniff
Strict-transport-security: max-age=631138519

Thank you,
Dimitry
Ben B  
#2 Posted : Friday, December 15, 2017 5:10:50 PM(UTC)
Ben B


Rank: Administration

Medals: Level 2: Lent a Helping Hand! 10 Thanks!

Joined: 10/2/2015(UTC)
Posts: 307

Thanks: 1 times
Was thanked: 63 time(s) in 58 post(s)
Originally Posted by: dsanivsky@catchpoint.com Go to Quoted Post
Hello Dev Team,

I need assistance adding the following response headers to the ScreenConnect WebServer:
X-xss-protection: 1; mode=block
X-frame-options: SAMEORIGIN
X-content-type-protection: nosniff
Strict-transport-security: max-age=631138519

Thank you,
Dimitry


You can do this through a custom extension composed of the following files:

Manifest.xml

Code:

<?xml version="1.0" encoding="utf-8"?>
<ExtensionManifest>
	<Version>1.0</Version>
	<Name>Add Custom Headers</Name>
	<Author>Custom Unsupported Extension</Author>
	<ShortDescription>Adds additional headers to all server responses</ShortDescription>
	<Components>
		<HttpModuleDefinition SourceFile="CustomHttpModule.cs" />
	</Components>
</ExtensionManifest>


CustomHttpModule.cs

Code:

using System;
using System.Collections.Generic;
using System.Web;
using System.Security;
using ScreenConnect;

public class CustomHttpModule : HttpModuleBase
{
	public override void OnBeginRequest(HttpContext context)
	{
		// add custom response headers to suite your needs
		context.Response.AddHeader("X-Frame-Options", "SAMEORIGIN");
		context.Response.AddHeader("X-XSS-Protection", "1; mode=block");
		context.Response.AddHeader("X-Content-Type-Options", "nosniff");
		context.Response.AddHeader("Strict-Transport-Security", "max-age=631138519");
	}
}


You'll need to install the Extension Developer extension onto your server and create a new extension from a template. Then copy over the xml/C# code listed in this post to the appropriate file. More information about creating a custom extension is found here (ignore parts related to publishing the extension): https://docs.connectwise...ension_development_guide

Cheers,
Ben
ScreenConnect Team
thanks 1 user thanked Ben B for this useful post.
dsanivsky@catchpoint.com on 12/20/2017(UTC)
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.